Unrated severityNVD Advisory· Published Jun 1, 2014· Updated May 6, 2026
CVE-2014-0238
CVE-2014-0238
Description
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- bugs.php.net/bug.phpnvdIssue TrackingPatchVendor Advisory
- github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0nvdPatchThird Party Advisory
- lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1765.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1766.htmlnvdThird Party Advisory
- secunia.com/advisories/59061nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/59329nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/59418nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/60998nvdNot ApplicableThird Party Advisory
- support.apple.com/kb/HT6443nvdThird Party Advisory
- www-01.ibm.com/support/docview.wssnvdThird Party Advisory
- www.debian.org/security/2014/dsa-3021nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvdThird Party Advisory
- www.php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
- www.securityfocus.com/bid/67765nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT204659nvdThird Party Advisory
News mentions
0No linked articles in our index yet.